CNCS - Alert Detail

01 Nov 2022

Vulnerability Alert - OpenSSL

TYPE

Vulnerabilities

SYSTEMS AFFECTED

OpenSSL 3.x

ECOSYSTEM

Other

Description

OpenSSL published a security advisory where it addresses two Buffer Overflow vulnerabilities (CVE-2022-3602 and CVE-2022-3786). All versions OpenSSL 3.x are affected.
Please refer to [1] for details on the vulnerabilities.

Impact

It could result in denial of service attacks, as well as, potentially remote code execution.

Resolution

It is recommended to upgrade to OpenSSL 3.0.7 (or to a more recent version).

References

[1] https://www.openssl.org/news/secadv/20221101.txt

[2] https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Citizen

Public Administration

Organizations

IT Professionals

Vulnerability Alert - OpenSSL

Vulnerability Alert - OpenSSL